Why do web.config override MetaBase.xml?

views:

242

answers:

Why do web.config override MetaBase.xml?

This might be a borderline Server Fault-question, but here goes.

I have a IIS 6 where AspMaxRequestEntityAllowed="204800" in MetBase.xml, suggesting the upload file limit is 200kb, while <httpRuntime maxRequestLength="20192"/> in web.config allows for a 20mb upload - and the latter is what the application allows.

Why do web.config override MetaBase.xml? To me, that seems like an error of hirarchy. And where would I find a "centralized parameter" to config max limits for the entire machine the server is on, in case I don't want some web.config mishapp to allow for gigabytes of upload?

I am not aware of MetaBase.xml but in your machine there are default configs available in folder

c:\Windows\Microsoft.Net\Frameworks\VERSION\Config

am sorry the exact name could be little different, but you will figure out easily, here you will find couple of different web.*.config files, in each of them you can configure and there is a way you can disallow this property to be changed at lower level, but I am not aware of how to do that.

Reading MS Documentation of httpRuntime says that max limit is anyway set to 4MB by ASP.NET itself. I will try to find how to block lower level to modify this element in their web.config.

Akash Kava 2009-08-26 07:29:57

I've read somewhere that the limit is 4 MB as well - in fact I've experienced it too. But in the webapp I mentioned it's apparently overriden, as larger files are allowed. I've not written the webapp, so I'm not familiar with the details of it.

Marcus L 2009-08-26 09:24:53

Yes but there are also ways to prevent lowest points web.config to do any changes that can be defined higher up at machine.config

Akash Kava 2009-08-26 18:43:45

Web.config file is the last-point configuration manager and entries in it will override any entries made in the higher layers.

I.e. any settings made in machine.config file (which are applicable to all websites) will be overridden by web.config (applicable to only that website).

In fact you can have separate web.config file for each folder which will override your root level web.config.

This is the way hierarchy works you know.

Cyril Gupta 2009-08-26 07:32:44

"This is the way hierarchy works you know." Not if you see if from the point that the webapp is accessed via the server, and so the server config should dictate what the underlying apps are allowed to do. If I was a server tech, not wanting massive uploads on a specific server, I'd be pretty ticked off if any 'ol developer could override my server settings in the app-config. But maybe that's just me. As I see it, server setting overrides app settings. I guess I'm wrong. But I do see the advatages of both scenarios.

Marcus L 2009-08-26 09:21:11

I'm marking this as correct answer, but I'll have to look into Microsoft configuration inheritance. :)

Marcus L 2009-08-26 09:47:38

Well when you're a website owner you'd be pretty ticked off if a part of your website fails to work because the relevant permissions were not set in machine.config. Also remember this is valid only for settings that are logically modifiable, example: the website owner cannot change folder permissions for folders he doesn't own, only those that he has rights to.

Cyril Gupta 2009-08-26 11:29:04

ansaurus

tags:

views:

answers:

Why do web.config override MetaBase.xml?

related questions